10000 fix: pg_net grants post pg-upgrade (#905) · GQAdonis/postgres@aa7cc37 · GitHub
[go: up one dir, main page]
Skip to content

Commit aa7cc37

Browse files
pcncpcnc
authored
fix: pg_net grants post pg-upgrade (supabase#905)
1 parent 8e336d2 commit aa7cc37

File tree

1 file changed

+30
-1
lines changed
  • ansible/files/admin_api_scripts/pg_upgrade_scripts

1 file changed

+30
-1
lines changed

ansible/files/admin_api_scripts/pg_upgrade_scripts/complete.sh

Lines changed: 30 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,32 @@ function cleanup {
2424
exit "$EXIT_CODE"
2525
}
2626

27+
function execute_patches {
28+
# Patch pg_net grants
29+
PG_NET_ENABLED=$(run_sql -A -t -c "select count(*) > 0 from pg_extension where extname = 'pg_net';")
30+
31+
if [ "$PG_NET_ENABLED" = "t" ]; then
32+
PG_NET_GRANT_QUERY=$(cat <<EOF
33+
GRANT USAGE ON SCHEMA net TO supabase_functions_admin, postgres, anon, authenticated, service_role;
34+
35+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
36+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SECURITY DEFINER;
37+
38+
ALTER function net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
39+
ALTER function net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) SET search_path = net;
40+
41+
REVOKE ALL ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
42+
REVOKE ALL ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) FROM PUBLIC;
43+
44+
GRANT EXECUTE ON FUNCTION net.http_get(url text, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
45+
GRANT EXECUTE ON FUNCTION net.http_post(url text, body jsonb, params jsonb, headers jsonb, timeout_milliseconds integer) TO supabase_functions_admin, postgres, anon, authenticated, service_role;
46+
EOF
47+
)
48+
49+
run_sql -c "$PG_NET_GRANT_QUERY"
50+
fi
51+
}
52+
2753
function complete_pg_upgrade {
2854
if [ -f /tmp/pg-upgrade-status ]; then
2955
echo "Upgrade job already started. Bailing."
@@ -45,9 +71,12 @@ function complete_pg_upgrade {
4571
echo "4. Running generated SQL files"
4672
retry 3 run_generated_sql
4773

74+
echo "4.1. Applying patches"
75+
execute_patches || true
76+
4877
run_sql -c "ALTER USER postgres WITH NOSUPERUSER;"
4978

50-
echo "4.1. Applying authentication scheme updates"
79+
echo "4.2. Applying authentication scheme updates"
5180
retry 3 apply_auth_scheme_updates
5281

5382
sleep 5

0 commit comments

Comments
 (0)
0